Preventing unauthorized Hubs/Switches from accessing LAN

  • Preventing unauthorized Hubs/Switches from accessing LAN

    I'm currently on the road replacing an old switch in an organization with a Cisco 6509. I'm responsible for the cabling of the new switch, and there are others responsible for programming the new switch.

    Is there a method on the switch to prevent users from connecting their active link from their computer to hubs/switches to connect additional hosts?


  • #2
    Re: Preventing unauthorized Hubs/Switches from accessing LAN

    Have a look at the "Switchport Port-Security" command


    • #3
      Re: Preventing unauthorized Hubs/Switches from accessing LAN


      Thanks for the reference. This is just what I needed. However, I'm having problems configuring my switch. I'm receiving the following error message when I try to configure port-security on my switch. Do I need another IOS version? If so, is there a version out that I can use with the current memory that I have available on my switch? See information below:

      Switch#config t
      Enter configuration commands, one per line. End with CNTL/Z.
      Switch(config)#int fa0/12
      Switch(config-if)#switchport port-security
      % Invalid input detected at '^' marker.

      Switch(config-if)#Switchport port-security ?
      % Unrecognized command
      Switch(config-if)#Switchport port-security

      Switch#sh version
      Cisco Internetwork Operating System Software
      IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1)
      Copyright (c) 1986-2000 by cisco Systems, Inc.
      Compiled Mon 03-Apr-00 16:37 by swati
      Image text-base: 0x00003000, data-base: 0x00301398

      ROM: Bootstrap program is C2900XL boot loader

      Switch uptime is 4 days, 10 hours, 50 minutes
      System returned to ROM by power-on
      System image file is "flash:c2900XL-c3h2s-mz-120.5-XU.bin"

      cisco WS-C2912-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
      Processor board ID 0x0D, with hardware revision 0x01
      Last reset from power-on

      Processor is running Enterprise Edition Software
      Cluster command switch capable
      Cluster member switch capable
      12 FastEthernet/IEEE 802.3 interface(s)

      32K bytes of flash-simulated non-volatile configuration memory.
      Base ethernet MAC Address: 00:02:4B:BA:8B:80
      Motherboard assembly number: 73-3397-08
      Power supply part number: 34-0834-01
      Motherboard serial number: FAB0420353E
      Power supply serial number: PHI041408UL
      Model revision number: A0
      Motherboard revision number: B0
      Model number: WS-C2912-XL-EN
      System serial number: FAB0426S082
      Configuration register is 0xF



      • #4
        Re: Preventing unauthorized Hubs/Switches from accessing LAN

        Maybe you need the "switchport mode access" command first. What do you get when in config-if if you do "switchport ?"


        • #5
          Re: Preventing unauthorized Hubs/Switches from accessing LAN

          You should also look at implementing 802.1x for layer 2 security on your 6509. It is more flexible than using other features such as max MAC count to secure your switch ports.

          I am not sure which CatOS you are running on your 6509, but version 6.0 and up support it.